Every business that processes personal data in the EU — which is every business with users — receives data subject requests. Someone asks to see their data. Someone asks to delete their account. Someone asks for a machine-readable export. The law gives the user thirty days to get a real response. The tooling for handling those requests, at any price point below five figures a year, did not exist. miniterms just shipped it.
Under GDPR Articles 15 through 22, every individual can exercise seven distinct rights: access, rectification, erasure, portability, restriction of processing, objection, and the right to not be subject to purely automated decision-making. Each one has its own procedural rules. Article 12(3) caps the response clock at one month from receipt. Miss the window and you are in violation. OneTrust charges fifty thousand euros a year for the workflow that tracks this. That's the gap we just closed.
Open the new DSAR tab in the miniterms dashboard. Paste an incoming email or type a request manually. The classifier reads the subject and body, infers the GDPR right being exercised, and creates a ticket — with a 72-hour acknowledgement clock and a 30-day response deadline pinned to it. The inbox shows open tickets, overdue acknowledgements in amber, overdue responses in red, and everything due within a week in a separate bucket.
The classifier is deterministic. It recognises keywords across eight categories in both English and Spanish. Same input, same answer, every time — classification errors on compliance workflows compound fast, and a simple keyword matcher you can audit beats an opaque guess you can't. You can always re-classify manually from the detail view.
Compliance tooling that only exists at €50k a year isn't compliance tooling. It's a tax on being small.
Every triage action — status change, classification change, note added — lives on the ticket. Acknowledged-at and fulfilled-at timestamps are pinned the moment the status moves. This is the shape auditors and regulators look for when they open a case: can you show, per request, when you were notified, when you acknowledged, when you fulfilled, and what you did in between. The timeline is the evidence.
Version one is manual-entry. You can paste requests, classify them, and work the clock. Automated inbound — a `privacy@yourdomain` forwarder that creates tickets on email receipt and auto-sends the 72-hour acknowledgement — is v2. So is a one-click response template library per GDPR right, and an evidence-vault export auditors can read without logging into your dashboard. Each is a week of work. Each ships when interview signal says it earns its place.
DSAR intake is the first compliance operation miniterms owns at runtime. Until today it was a document generator — privacy policies, terms, DPAs out, nothing back. Now miniterms does one thing on behalf of the business: it receives, classifies, clocks, and tracks the lawful rights of the people whose data you hold. The DSAR inbox lives in miniterms standalone (€49/mo) and in Hub Pro (€99/mo) — the compliance floor that every solo business is legally required to have and couldn't previously afford.
If you're on the miniterms private beta, the tab is in your dashboard now. If you're on the waitlist and this is the thing that tips you into the beta request pile, reply to any of our emails and we'll move you up.